Microsoft Alerts of Proxy Server Hack
PCWorld, on March 26, 2007, quoted Microsoft as saying that network managers would be smart to reconfigure the Windows Internet Naming Service (WINS) or Domain Name System (DNS) on their servers to prevent a hacking attempt that could route users through a malevolent proxy server.
Researchers at IOActive, a security firm, said that the trouble arises from a design bug in the way Windows PCs obtain their proxy settings. Consequently, a hacker with access to a network, say at a firm, could introduce a malevolent proxy and see all the traffic on the system, the researchers added, as reported by ZDNet on March 26, 2007.
Applications like Internet Explorer (IE) use the Web Proxy Autodiscovery Protocol (WPAD) to locate a file that allows a browser to configure its proxy settings. However, the IOActive researcher said, it is possible to install a configuration file that would direct traffic through a malevolent proxy.
Chris Paget, Director of Research and Development at IOActive, said that a hacker could set up the "detour sign" because IE on a Windows PC hunts for a proxy server using WPAD by default. A hacker can very easily register a proxy server on the network by using WINS and some other network services, including DNS, Paget added.
He said that when Internet Explorer starts up, it would ask the network about its proxy server.
A malevolent WPAD.dat file can be placed in DNS or WINS. Once the corrupt file is in place, WPAD clients are likely to direct their net traffic through a malevolent proxy server, said Microsoft. To determine the name of the host that holds the proxy configuration file, the client application searches WINS or DNS. Details on server configuration are on Microsoft's support website, as reported by Techworld on March 26, 2007.
To address the WPAD problem, Microsoft lists some points for network administrators in its support article. The points are to keep static WPAD DNS host names and to keep records of WPAD WINS names. Doing so defeats a hacker's malevolent WPAD name and ruins the malevolent proxy trick, said Paget.
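An added example, not taken from the article or from Microsoft's support article: a small audit that checks whether every WPAD name a client could look up in DNS is held by an approved static record. It goes slightly beyond the text by walking the client's parent domains, covers DNS only (not WINS), and all host names, addresses and function names in it are hypothetical.

```python
import socket

def wpad_candidates(client_fqdn):
    """WPAD names for a client: 'wpad' in front of each parent domain."""
    labels = client_fqdn.rstrip(".").split(".")[1:]  # drop the host label
    # Stop before the bare top-level domain, which is outside the organisation.
    return ["wpad." + ".".join(labels[i:]) for i in range(len(labels) - 1)]

def system_resolver(name):
    """Resolve through the OS resolver; empty set when the name has no record."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, 80)}
    except socket.gaierror:
        return set()

def audit_wpad(client_fqdn, approved, resolve=system_resolver):
    """Classify each candidate WPAD name against the approved proxy-config hosts."""
    findings = []
    for name in wpad_candidates(client_fqdn):
        addrs = set(resolve(name))
        if not addrs:
            # No static record: the name is still open for someone else to register.
            findings.append((name, "UNRESERVED", []))
        elif addrs - approved:
            findings.append((name, "UNEXPECTED", sorted(addrs - approved)))
        else:
            findings.append((name, "OK", sorted(addrs)))
    return findings

# Constructed sample data (hypothetical names and addresses, not from the article).
SAMPLE_RECORDS = {
    "wpad.corp.example": {"10.0.0.53"},        # the static record admins created
    "wpad.sales.corp.example": {"10.0.9.77"},  # a record nobody approved
}
APPROVED = {"10.0.0.53"}

def demo():
    lookup = lambda name: SAMPLE_RECORDS.get(name, set())
    return audit_wpad("pc7.eng.sales.corp.example", APPROVED, lookup)

if __name__ == "__main__":
    for name, status, addrs in demo():
        print(f"{status:<11}{name} {addrs}")
```

Calling audit_wpad without the third argument uses the operating system's resolver, so it reports what a client on that network would actually get back.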
» SPAMfighter News - 30-03-2007